Clients such as wearable devices may need to authenticate with a third-party service in order to communicate with or receive content from the third-party service. This authentication may be facilitated by a device authorization service, which controls access to the client by serving as an intermediary between the client and the third-party service. If the third-party service is compromised during authentication, this presents a risk to the third-party service.